USN-435-1: Xine vulnerability

12 March 2007

xine-lib vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 6.10

Ubuntu 6.06 LTS

Ubuntu 5.10

Software Description

Details

Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions: